BIG-IP Advanced WAF

Secure apps and APIs with BIG-IP Advanced WAF

Identify and block attacks other WAFs miss

Protect your applications with behavioral analytics, layer 7 DoS mitigation, application-layer encryption of sensitive data, threat intelligence services, and API security.

Application-Layer Attacks - Application-layer attacks can evade signature and reputation-based security solutions.
Web App and API Attacks - New application attack surfaces and increased threat thresholds are popping up due to the rapid adoption of APIs (ex. GraphQL APIs, OWASP Top 10).
Security Automation for DevOps - Bring apps to market faster with lower cost and higher security efficacy.
Targeted Attack Campaigns - Active attack campaigns are difficult to detect from singular attacks.
Automated Attacks and Bots - Automated attacks and bots can overwhelm application resources.
Credential Theft - Attacks that steal application credentials or take advantage of compromised accounts.

Identify and block attacks other WAFs miss

Product Overview

Flexible deployment and management options to fit your needs

BIG-IP Advanced WAF identifies and blocks attacks other WAFs miss. BIG-IP Advanced WAF delivers a dedicated, dynamic dashboard ensuring compliance against threats listed in the OWASP Top 10, guided configurations for common WAF use cases, learning engine and customized policy building, and granular security policies for microservices and APIs.

Software

Deploy on any leading hypervisor in your data center or your private cloud.

See software options ›

Public cloud

Available from select public cloud providers, including Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform.

See cloud options ›

Hardware

Runs on high-performance hardware to protect your applications.

See hardware options ›

Core Capabilities

Advanced application protection

Combines machine learning, threat intelligence, and deep application expertise

API protocol security

Deploys tools to secure GraphQL REST/JSON, XML, and GWT APIs

Security as code

Declarative API-based deployment and configuration enables delivering security as “code”

In-browser data encryption

Encrypts data at the app layer to protect against data-extracting malware and man-in-the-browser attacks

Behavioral DoS

Behavioral analytics and machine learning provide highly accurate L7 DoS detection and mitigation

Defenses for the OWASP Top 10

Defends critical apps from today’s biggest security concerns, including those listed in the OWASP Top 10

Stolen credential protection

Protects against brute-force attacks that use stolen credentials

Proactive bot defense

Protects apps from automated attacks by bots and other malicious tools

Platform Support and Integrations

Leading independent software vendors (ISVs)

Public cloud providers

DAST and SAST providers

SIEM, SOAR, and XDR providers

Technology alliances

F5 collaborates with leading independent software vendors (ISVs) to help customers secure their digital experiences.

Awards and Recognition

2023 PeerSpot Tech Leader for Web Application Firewall (WAF)

Resources

Featured

Why Advanced Threats Require Advanced Application Defense

Not all WAF solutions are the same. Most are inadequate against the myriad of attacks across the evolving risk landscape. BIG-IP Advanced WAF is a new category of app protection that introduces unique capabilities to the WAF market.

Watch the on-demand webinar